Create admin project in controller in deployment without keystone

When keystone is not present only default-project is created in controller. WebUI doesn't treat like regular resource and doesn't permit some operations on it, so a regular project needs to be created. Change-Id: Ifcb61d6a1600e6abacde67cd13b55c181c28a085 Closes-Bug: #1791084
Juniper · Sep 10, 2018 · cb06a65 · cb06a65
1 parent 9907f9a
commit cb06a65
Show file tree

Hide file tree

Showing 8 changed files with 674 additions and 526 deletions.
diff --git a/adapters/secondary/controller_rest/controller_helpers_test.go b/adapters/secondary/controller_rest/controller_helpers_test.go
@@ -34,10 +34,23 @@ import (
 func NewTestClientAndProject(tenant string) (*controller_rest.ControllerAdapterImpl, *types.Project) {
 	fakeApiClient := api.NewFakeApiClient()
 	c := controller_rest.NewControllerAdapterImpl(fakeApiClient)
+	project := NewTestProject(c, controller_rest.DomainName, tenant)
+	return c, project
+}
 
-	project, err := c.NewProject(controller_rest.DomainName, tenant)
+func NewTestProject(c *controller_rest.ControllerAdapterImpl, domainName, tenantName string) *types.Project {
+	testProject, err := c.NewProject(domainName, tenantName)
 	Expect(err).ToNot(HaveOccurred())
-	return c, project
+	return testProject
+}
+
+func CreateTestProject(c contrail.ApiClient, domainName, tenantName string) *types.Project {
+	project := new(types.Project)
+	project.SetFQName("domain", []string{domainName, tenantName})
+	err := c.Create(project)
+	Expect(err).ToNot(HaveOccurred())
+	Expect(project).ToNot(BeNil())
+	return project
 }
 
 func CreateTestNetworkWithSubnet(c contrail.ApiClient, netName, subnetCIDR string,
@@ -64,7 +77,8 @@ func CreateTestNetwork(c contrail.ApiClient, netName string,
 
 func RemoveTestSecurityGroup(c contrail.ApiClient, groupName string,
 	project *types.Project) {
-	secGroupFqName := fmt.Sprintf("%s:%s:default", controller_rest.DomainName, tenantName)
+	secGroupFqName := fmt.Sprintf("%s:%s:%s", controller_rest.DomainName, tenantName,
+		controller_rest.DefaultSecurityGroup)
 	secGroup, err := types.SecurityGroupByName(c, secGroupFqName)
 	err = c.Delete(secGroup)
 	Expect(err).ToNot(HaveOccurred())
@@ -79,9 +93,10 @@ func AddSubnetWithDefaultGateway(c contrail.ApiClient, subnetPrefix, defaultGW s
 
 	var ipamSubnets types.VnSubnetsType
 	ipamSubnets.AddIpamSubnets(subnet)
+	ipamFqName := fmt.Sprintf("%s:%s:%s", controller_rest.DomainName, controller_rest.DefaultProject,
+		controller_rest.DefaultIPAM)
 
-	ipam, err := c.FindByName("network-ipam",
-		"default-domain:default-project:default-network-ipam")
+	ipam, err := c.FindByName("network-ipam", ipamFqName)
 	Expect(err).ToNot(HaveOccurred())
 	err = testNetwork.AddNetworkIpam(ipam.(*types.NetworkIpam), ipamSubnets)
 	Expect(err).ToNot(HaveOccurred())

diff --git a/...s/secondary/controller_rest/controller.go → ...ondary/controller_rest/controller_impl.go b/...s/secondary/controller_rest/controller.go → ...ondary/controller_rest/controller_impl.go
@@ -29,8 +29,13 @@ import (
 )
 
 const (
-	// DomainName specifies domain name in Contrail
-	DomainName = "default-domain"
+	// Default resources in Contrail
+	DomainName           = "default-domain"
+	DefaultProject       = "default-project"
+	DefaultSecurityGroup = "default"
+	DefaultIPAM          = "default-network-ipam"
+	// Admin project in Contrail
+	AdminProject = "admin"
 )
 
 type ControllerAdapterImpl struct {
@@ -46,34 +51,70 @@ func NewControllerAdapterImpl(apiClient contrail.ApiClient) *ControllerAdapterIm
 	return client
 }
 
-// TODO: this method is only used by tests - it can probably be removed from ControllerAdapterImpl
-// entirely and moved to helpers.
 func (c *ControllerAdapterImpl) NewProject(domain, tenant string) (*types.Project, error) {
 	project := new(types.Project)
 	project.SetFQName("domain", []string{domain, tenant})
 	if err := c.ApiClient.Create(project); err != nil {
 		return nil, err
 	}
 
-	// Create security group as soon as project is created. This mimics contrail API server
-	// behaviuor. We can do it here, because NewProject method is used only in tests (see
-	// method comment).
-	if _, err := c.createSecurityGroup(domain, tenant); err != nil {
+	// Create security group and network ipam as soon as project is created.
+	// This reflects contrail orchestrator plugins' behaviour.
+	secGroup, err := c.createSecurityGroup(domain, tenant, DefaultSecurityGroup)
+	if err != nil {
+		if warn := c.ApiClient.Delete(project); warn != nil {
+			log.Warnln("Failed to delete project %s after failed default security group creation: %v", tenant, warn)
+		}
+		return nil, err
+	}
+	if _, err := c.createNetworkIPAM(domain, tenant, DefaultIPAM); err != nil {
+		if warn := c.ApiClient.Delete(secGroup); warn != nil {
+			log.Warnln("Failed to delete default security group after failed default IPAM creation: %v", warn)
+		}
+		if warn := c.ApiClient.Delete(project); warn != nil {
+			log.Warnln("Failed to delete project %s after failed default IPAM creation: %v", tenant, warn)
+		}
 		return nil, err
 	}
 
 	return project, nil
 }
 
-func (c *ControllerAdapterImpl) createSecurityGroup(domain, tenant string) (*types.SecurityGroup, error) {
+func (c *ControllerAdapterImpl) GetOrCreateProject(domain, tenant string) (*types.Project, error) {
+	project, err := c.GetProject(domain, tenant)
+	if err == nil && project != nil {
+		return project, nil
+	}
+	return c.NewProject(domain, tenant)
+}
+
+func (c *ControllerAdapterImpl) GetProject(domain, tenant string) (*types.Project, error) {
+	projectFQName := fmt.Sprintf("%s:%s", domain, tenant)
+	project, err := types.ProjectByName(c.ApiClient, projectFQName)
+	if err != nil {
+		return nil, err
+	}
+	return project, nil
+}
+
+func (c *ControllerAdapterImpl) createSecurityGroup(domain, tenant, name string) (*types.SecurityGroup, error) {
 	secgroup := new(types.SecurityGroup)
-	secgroup.SetFQName("project", []string{domain, tenant, "default"})
+	secgroup.SetFQName("project", []string{domain, tenant, name})
 	if err := c.ApiClient.Create(secgroup); err != nil {
 		return nil, err
 	}
 	return secgroup, nil
 }
 
+func (c *ControllerAdapterImpl) createNetworkIPAM(domain, tenant, name string) (*types.NetworkIpam, error) {
+	ipam := new(types.NetworkIpam)
+	ipam.SetFQName("project", []string{domain, tenant, name})
+	if err := c.ApiClient.Create(ipam); err != nil {
+		return nil, err
+	}
+	return ipam, nil
+}
+
 func (c *ControllerAdapterImpl) CreateNetworkWithSubnet(tenantName, networkName, subnetCIDR string) (*types.VirtualNetwork, error) {
 	net, err := c.GetNetwork(tenantName, networkName)
 	if err == nil {
@@ -305,7 +346,7 @@ func (c *ControllerAdapterImpl) GetOrCreateInterface(net *types.VirtualNetwork,
 }
 
 func (c *ControllerAdapterImpl) assignDefaultSecurityGroup(iface *types.VirtualMachineInterface, tenantName string) error {
-	secGroupFqName := fmt.Sprintf("%s:%s:default", DomainName, tenantName)
+	secGroupFqName := fmt.Sprintf("%s:%s:%s", DomainName, tenantName, DefaultSecurityGroup)
 	secGroup, err := types.SecurityGroupByName(c.ApiClient, secGroupFqName)
 	if err != nil || secGroup == nil {
 		return fmt.Errorf("Failed to retrieve security group %s by name: %v", secGroupFqName, err)